Figure 1-1: Mainframe Access Architecture
This chapter provides an introduction to Mainframe Access and explains what is involved in its administration.
Mainframe Access is the OS/390 and z/OS server for Micro Focus development environments. It is a common component providing access to host resources for environments such as Mainframe Express, Net Express, Revolve Enterprise Edition and Mainframe Access Client. One installation of Mainframe Access can support all of these products, providing connectivity to any number of DB2, IMS, and CICS systems located anywhere in an enterprise. It can also provide access to JES facilities, VSAM data sets, non-VSAM data sets, and data controlled by external library management products such as Panvalet, Librarian and Endevor.
Mainframe Access is the new name for the z/OS middleware that integrates the functions of previous versions of Mainframe Manager and Mainframe Access server. The new Mainframe Access retains all of the Mainframe Manager functionality and adds most functions previously found in the Mainframe Access server. The added functionality includes support for Drag and Drop clients and Source Connect features. This new combination provides improved performance and reduces the overall system overhead. Support for Data Connect features is provided by the Mainframe Access Data Connect server.
Current customers will recognize that the new Mainframe Access retains the "look and feel" of Mainframe Manager with respect to operational commands, configuration definitions, messages, web administration, etc. New parameter definitions for Drag & Drop and Source Connect are used to simplify the customization for these features. Current customers will also recognize that the Mainframe Access Data Connect server retains the "look and feel" of the previous Mainframe Access server. Installation activities for this server have been simplified by eliminating most assembly/link jobs and by removing the customizations for all of the functions incorporated in the new Mainframe Access.
Note: Mainframe Access is supported on z/OS (up to V1R4) and OS/390 environments. Unless specifically stated otherwise, references to z/OS also apply to OS/390.
Mainframe Access is data and transaction middleware that exploits the best features of workgroup and enterprise architectures. Micro Focus client programs can achieve the same performance levels, security, and data integrity that native mainframe applications deliver. The technology requires no changes to existing mainframe security, database, and transaction processing systems.
Mainframe Access provides access to:
Figure 1-1 illustrates the relationships between Mainframe Access, its client systems and the z/OS services it provides.
Figure 1-1: Mainframe Access Architecture
Mainframe Access provides comprehensive support for communications between PC clients and mainframe servers. Mainframe Access supports both TCP/IP and LU6.2 protocols. Mainframe Access' ability to bridge client TCP/IP connections to SNA LU6.2 server connections eliminates the need to install, configure and maintain SNA software packages on your client and server workstations. You can even access any DB2 for z/OS and OS/390 database using TCP/IP client connections, without the need for specific levels of DB2 software. Normally, DB2 Version 5.1, or later, is required for TCP/IP access. Mainframe Access, however, dynamically associates TCP/IP client connections with traditional LU6.2 DRDA connections to the DB2 systems.
Details are as follows:
Mainframe Access has two TCP/IP socket listeners, one for TCP/IP clients using proprietary protocols and one for HTTP clients. The listeners accept client connection requests and examine the request data to determine the target server or internal destination for the request. When the target server is external, the client connection is then associated with an LU6.2 connection to the target server. For each target server type, Mainframe Access creates an initial number of tasks (z/OS TCBs) to handle the client/server connection association and processing. As each connection request arrives, Mainframe Access scans all available tasks for the target server and assigns the new connection request to the task with the lightest load. Mainframe Access' TCP/IP communications support can be used with IBM's z/OS TCP/IP implementation or CA's TCPaccess product.
When the first client request for an LU6.2 target server is received, Mainframe Access establishes the LU6.2 connection to the target server and negotiates session limits for the mode name associated with conversations (user transactions) to the target server. Mainframe Access then prepares an LU6.2 Function Management Header 5 (FMH-5) and allocates a conversation to the target server. The FMH-5 includes any LU6.2 security subfields (user ID and password) provided by the client and an LUW ID (SNA Logical Unit of Work ID) generated by Mainframe Access to manage the unit of work. Packaged user data to be processed by the transaction program follows the FMH-5. Acceptance of the conversation request by the target server starts the execution of the remote transaction program that will process the request. Response data from the remote transaction program is received by Mainframe Access and returned to the requesting client through the TCP/IP connection. If an LU6.2 communications error occurs during the request processing, Mainframe Access creates a special packet containing the LU6.2 error information and returns this to the requesting client.
Mainframe Access provides security features that interact with existing mainframe, operating system, and software security schemes. They are:
Mainframe Access' security component uses the z/OS SAF interface to verify the user IDs and passwords and to check the authorization of users to access and update z/OS data sets. The Password Expiration Manager (PEM) feature of Mainframe Access is used by some client products; PEM allows PC end users to change their mainframe password using the SAF interface. Mainframe Access uses the SAF RACROUTE interface, and therefore exploits the existing security definitions in your external security manager, such as IBM's RACF, CA-ACF-2, and CA-Top Secret.
Mainframe Access and its associated products use several methods of encryption and encoding, including 32-bit private key algorithms, to manage the encryption and decryption of passwords and data.
You can use this optional feature to restrict client connections based on the IP address of the incoming client. You create an access list that specifies which client IP addresses, or ranges of addresses, are allowed or disallowed. Once you have enabled access list checking, Mainframe Access always validates the incoming client's IP address using your specifications and rejects unauthorized connection attempts.
Mainframe Access' optional audit logging facility records client login and logout information to a VSAM file. The information that is recorded includes user ID, login and logout times, target server, security status, and other data.
Mainframe Access' Data Set Services component uses state-of-the-art z/OS data management interfaces and facilities to provide file services for z/OS data sets. Data Set Services is designed to support the data access and security requirements of VSAM and non-VSAM data sets in a high-performance, multi-user environment.
Mainframe Access provides functions to monitor and control the processing of work, for example:
Mainframe Access monitors the activity of clients that have a persistent connection to Mainframe Access for activity and disconnects them from the system after a length of idle time that you specify. It also releases all of the associated client resources on the mainframe, including LU6.2 conversations with server systems.
The tracing facility of Mainframe Access traces both the client flow (usually TCP/IP) and server flow (usually LU6.2) simultaneously, recording all control information and data to a single output destination. The trace information is very useful for diagnosing client/server communication problems. You can turn tracing on and off dynamically while Mainframe Access is running.
Mainframe Access provides a set of simple commands that you can use to monitor and control its run-time operations. You can use the commands from an z/OS console or from a Telnet client; for further information see the chapter Administration Using Console Commands. Mainframe Access also includes a more comprehensive graphical interface to administrative functions that runs in a Web browser; this is described in the chapter Administration Using the Web Interface.
You can use Mainframe Access' administrative interfaces to obtain comprehensive displays of current system activity and internal components of the system. The information provided extends from overall systems operation down to details about individual client/server connections. You can update important operational definitions and functions of the system, such as target server parameters, idle timeout value, access list specifications and trace activity while the system is running.
Mainframe Access' Dependent Address Space Services component uses standard z/OS facilities to create and manage auxiliary Application Server address spaces for program execution. This feature is used to automatically start a Mainframe Access Data Connect server address space during Mainframe Access initialization. The Data Connect server is also stopped automatically during Mainframe Access shutdown.
Mainframe Access Drag & Drop and Source Connect functions are seamlessly integrated into the overall server workload. Mainframe Access' high-performance task, communications, transaction and data set management services are leveraged to increase the speed, reliability and scalability for these functions.
The z/OS libraries for Mainframe Access, Mainframe Access Data Connect and the Remote IMS Server are stored on the CD in a compressed format. Follow the upload instructions on the CD to transfer the compressed files up to a mainframe partitioned data set and then run the restore job to expand all of the compressed files into proper z/OS data sets. All of the product data sets for Mainframe Access, Mainframe Access Data Connect and Remote IMS Server will then be ready to use.
The upload instructions refer you to the UpQuick instructions for Mainframe Access. This file is contained in one of the restored mainframe data sets. Follow the UpQuick instructions to complete the basic customization of z/OS and product parameters for Mainframe Access and Mainframe Access Data Connect. Upon completion of the UpQuick procedure you will be able to start Mainframe Access (Mainframe Access Data Connect will be automatically started as part of Mainframe Access initialization) and validate the successful installation of the software. This quick configuration is the only Mainframe Access setup required for Drag and Drop, SQL Option for DB2, Mainframe Access web administration and basic Mainframe Access Data Connect functions.
Additional setup is required for Mainframe Access Data Connect if you will be using the file name mapping table and/or altering the processing of the SAF security exits. Setup for these features is described in the appendix Data Connect.
The additional setup required for Mainframe Access' access list checking, audit log, and/or external library management system interfaces is described in the chapter Configuration.
If you will be using Remote IMS, CICS Option, Mainframe Transaction Option or SOA Express IMS support, there are Mainframe Access parameters that you must configure to define and activate these features. This is described in the chapter Configuration. Some of the Mainframe Access configuration information must be coordinated with the client configuration for these features. The next section will help you find the documentation needed for client configuration.
Notes:
Mainframe Access functions as middleware, connecting client products to server systems. Client products include Mainframe Express, Mainframe Access Client, Net Express and Revolve Enterprise Edition. The server systems include your existing z/OS database and transaction processing systems (DB2, CICS and IMS), Mainframe Access, and the Mainframe Access Data Connect server. You need to customize the client products and the external server systems that you use to complete the distributed configuration that creates an operational system. For further information on the following clients see the documents listed:
| Mainframe Express SQL Option for DB2 | XDB Link Configuration Guide |
| Mainframe Express IMS Option (Remote IMS) | Mainframe Express IMS Option Technical Guide, Part 2 |
| Mainframe Express CICS Option | Mainframe Express CICS Option Technical Guide |
| Mainframe Express SourceConnect and DataConnect | Mainframe Access Installation and Usage Guide; also Mainframe Express online Help: look up SourceConnect and DataConnect in the index |
| Mainframe Access Drag & Drop | Mainframe Access Installation and Usage Guide |
| Net Express | XDB Link Configuration Guide |
| Revolve Enterprise Edition | Mainframe Access Installation and Usage Guide |
| SOA Express IMS support | SOA Express Configuration Guide |
The source and object library for Mainframe Express Remote IMS Server is installed on your z/OS system as part of the Mainframe Access upload procedure. If you will be using Remote IMS Server you will use components from this library to customize your APPC/MVS and IMS subsystems when you set up your Remote IMS Server. For further information see the following document:
| Mainframe Express Remote IMS Server | Mainframe Express IMS Option Technical Guide, Part 2 |
Copyright © 2007 Micro Focus (IP) Ltd. All rights reserved.